formbook

General

Target

JaffaCakes118_c146830c91a48b199be408e0e885eb7f94cb9a716f614310986584e452a77374
Size

640KB
Sample

241225-yvvzgswlhr
MD5

bfa84bbe0969849bf7be92cc52140eff
SHA1

f7176b632307bbfbd7e9df6992ad93f328c177bd
SHA256

c146830c91a48b199be408e0e885eb7f94cb9a716f614310986584e452a77374
SHA512

57c4b40f879303f6a285ef268fa456c0e70b92258cb843820fddf7dc1b5fbca238ec40eabb81359affdf8fdaa12539818cb5cfdd0d3304a591ba579687eb610a
SSDEEP

12288:CzlP62WTQ+7oDOA8V3gAWIEWUos5+r8DQiJHRzce2XzBYepNOXeHF:YF6273TUj+osYrmHSe2FYlXs

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

oc5e

Decoy

9gZPW9yJUzcMFJ6KSbk=

kWCy2lf52OGbUmtEHR9i3aOIb8c=

mKKp192P5FQ5p4cxJ8vQyqOIb8c=

5On+xX5s0VE5pruTMQ+5

xs0RFcesYRb5MAHGrTUPz6OIb8c=

m36XWeE+J455493HVQTJfCo=

QtLkoNvKqJ9eJrVmXC7PlSg=

0jiSSgO6GNN7N1jk5A==

aX7BtX5eyln88rZeJKWuY1Hy0g==

tQ9ZEtyxE6FfoLGTMQ+5

MZHXcyvfLOXMCeGPSfKrkCI=

qYzioZQLHKOtY7FH2tltaA==

mH5m/biP4UL5c6uTMQ+5

Qla8f3DYrQy2bocc

iRoQtvLlAFxDv3Me8w==

p+4A7eVNLpeQBPGon3NMCOZXFX9O

WfAzGFQF3jkZk7eTMQ+5

Z7oF0kuvBLNkXBvBgwcNEulXFX9O

KBFnE0PvwOuIlBPBm2OqYA==

alm1creOsHsx7g==

Targets

- Target
  
  efb19672e87fabd19381a971af5776394e593b13e3f065f20e4ef8bbfd923177
- Size
  
  915KB
- MD5
  
  792353205b038d4109dc86fbfaf1836e
- SHA1
  
  788fd33360c15eaefe8074d0d67ec3198d028e7e
- SHA256
  
  efb19672e87fabd19381a971af5776394e593b13e3f065f20e4ef8bbfd923177
- SHA512
  
  5a91c9662e0ea4e9db2ea2046a0b696f0a85c99aa851cda9987ba81c4a0edc92d05862efea481fe50492f44352cb38bb5bd3bb16b2cda20e96a612da68c0c8ec
- SSDEEP
  
  12288:jqY3c8/y70cUbrU/4Rj8JIJTcbfdK1rZdnSWBopL/DCn6k6DNwIrqaewt1KgP:Wmx7g/0gJzbfdSDSWBopfC6BD
Score

10^/10

formbook oc5e discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2